From 6d947f6f7e784edfcfa507374942a784c417b571 Mon Sep 17 00:00:00 2001
From: Brice Johnson
Date: Fri, 19 Nov 2021 08:07:54 -0700
Subject: [PATCH] Allowing 3rd party UIs to access `x-total-count` http header (#1470)

* Adding 'x-content-duratin' and 'x-total-count' to CORS exposed headers
* Moving cors setup to middlewares.go
* adding x-nd-authorization to exposed headers
---
 server/middlewares.go | 19 +++++++++++++++++++
 server/server.go | 3 +--
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/server/middlewares.go b/server/middlewares.go
index 42b88281c..9f291e26a 100644
--- a/server/middlewares.go
+++ b/server/middlewares.go
@@ -7,6 +7,8 @@ import (
 "strings"
 "time"
+ "github.com/go-chi/cors"
+
 "github.com/go-chi/chi/v5/middleware"
 "github.com/navidrome/navidrome/consts"
 "github.com/navidrome/navidrome/log"
@@ -71,6 +73,23 @@ func robotsTXT(fs fs.FS) func(next http.Handler) http.Handler {
 }
 }
+func corsHandler() func(h http.Handler) http.Handler {
+ return cors.Handler(cors.Options{
+ AllowedOrigins: []string{"*"},
+ AllowedMethods: []string{
+ http.MethodHead,
+ http.MethodGet,
+ http.MethodPost,
+ http.MethodPut,
+ http.MethodPatch,
+ http.MethodDelete,
+ },
+ AllowedHeaders: []string{"*"},
+ AllowCredentials: false,
+ ExposedHeaders: []string{"x-content-duration", "x-total-count", "x-nd-authorization"},
+ })
+}
+
 func secureMiddleware() func(h http.Handler) http.Handler {
 sec := secure.New(secure.Options{
 ContentTypeNosniff: true,
diff --git a/server/server.go b/server/server.go
index 022e52b03..d59f5102f 100644
--- a/server/server.go
+++ b/server/server.go
@@ -8,7 +8,6 @@ import (
 "github.com/go-chi/chi/v5"
 "github.com/go-chi/chi/v5/middleware"
- "github.com/go-chi/cors"
 "github.com/go-chi/httprate"
 "github.com/navidrome/navidrome/conf"
 "github.com/navidrome/navidrome/consts"
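Review bot: `corsHandler` in server/middlewares.go (second hunk) has no comment recording why a wildcard `AllowedOrigins` is acceptable next to an `ExposedHeaders` list that includes `x-nd-authorization`, a header whose name suggests it carries an auth token. The combination is only tolerable because `AllowCredentials` is `false`: browsers then refuse to hand a cross-origin page the response to a cookie-bearing request, so a foreign page can read that header only on requests it authenticated with a token it already holds. I would state that invariant on the function, e.g. `// corsHandler allows any origin; AllowCredentials must stay false while AllowedOrigins is "*".`, so a later edit does not flip one without the other. It is also worth confirming that third-party UIs really need to read `x-nd-authorization` from script, since the commit title only motivates `x-total-count`.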
@@ -57,7 +56,7 @@ func (s *Server) initRoutes() {
 r := chi.NewRouter()
 r.Use(secureMiddleware())
- r.Use(cors.AllowAll().Handler)
+ r.Use(corsHandler())
 r.Use(middleware.RequestID)
 if conf.Server.ReverseProxyWhitelist == "" {
 r.Use(middleware.RealIP)